CyberSec Roundup
A Synopsis of the Latest Cybersecurity News
REvil Ransomware Operation Disappears
The REvil ransomware group seems to have vanished! The group's multiple sites on the darknet and the clearnet all appear to be offline, including its Happy Blog data leak site and its payment portal. It is unclear at this time whether the sites were taken offline by law enforcement, or whether the group planned to shut down the operation in order to retire or rebrand. There is a belief that the Russian government is behind the shutdown, as a result of pressure put on it by the Biden administration. The group has been responsible for some of the biggest ransomware attacks this year, including the Kaseya VSA and JBS attacks.
REvil shutdown causes problems
Some victims of REvil's recent Kaseya VSA ransomware attack have been left in a tough position since the operation went dark. According to ransomware remediation firm Critical Insight, some victims who decided to pay the ransom and are now having technical problems with their decryption keys have no recourse. Ransomware groups normally run helpdesks to deal with these issues, but REvil's has been shut down. These victims may have to pray that law enforcement is behind the recent shutdown and hope that they can recover their keys through them.
HelloKitty attacking SonicWall
SonicWall recently issued an urgent security notice to their customers, warning them of imminent ransomware attacks targeting unpatched end-of-life Secure Mobile Access 100 series and Secure Remote Access products. The HelloKitty ransomware group has been spotted exploiting these vulnerable devices, and CISA is also echoing this warning, urging administrators to patch these devices or take them offline.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)